User Authentication Policy¶

Users of the ALCF systems are required to use a one-time passcode (OTP) generated by a physical token or MobilePASS+ mobile token. This document explains the policies users must follow regarding your access token for accessing the ALCF systems.

Multi-factor authentication¶

By the NIST guidelines for identification and authentication (NIST 800-53, Revision 3, Control IA-2), ALCF aims for a Moderate level of security controls. All production systems in ALCF require multi-factor authentication for users. The two factors are your token PIN and the OTP generated by the token.

Mobile and physical tokens¶

ALCF provides every user of the production resources a physical or mobile token. An account can only be associated with a single token (physical or mobile). See Using Passcode Tokens for more information.

At the end of your account or project lifecycle, the physical token must be returned to ALCF Support:

Protecting Your Passcode Token¶

Your passcode token should be protected by you as carefully as your credit cards or house keys. If your token is lost, stolen, or damaged, please contact us immediately so that we can deactivate the token and prevent unauthorized access. Sharing of tokens is strictly forbidden. Please do not mark on the token or alter it in any way.